Security and private data protection mechanisms for Cloud Computing
Subject proposed by
Thesis supervisor:
Research unit
EURECOM research laboratory
Field: Information and communication sciences and technologies
Security and Privacy Mechanisms for Cloud Computing
In the last decade, information technologies have been governed by a major trend towards outsourcing data storage and computations to third-party services. Among various distributed computing scenarios such as web applications, service-oriented architectures, and social networks, cloud computing appears to be the most prominent outsourcing approach adopted by the computing industry. Cloud computing in particular and outsourcing in general offer a number of advantages in terms of reduced cost of ownership and maintenance, elasticity, and scalability. Yet these advantages come at the expense of serious security and privacy breaches that are inherent to the underlying outsourcing model, whereby the handling of sensitive data and computations relies on potentially untrusted parties such as the cloud service providers and further providers for the application and communication services. Classical security mechanisms such as data encryption and integrity unfortunately fall short of countering these privacy and security violations while keeping the performance advantages and the resulting extensive service offerings of the original setting. The main objective of research in this field is to come up with new solutions for end-to-end security and privacy geared toward the users that would be compatible with the basic principle of outsourcing: based on these new solutions, the untrusted third parties would be able to perform basic operations on users' data and programs while preserving the effect of end-to-end protections. For instance, when it comes to data confidentiality, the goal would be to design a new encryption mechanism that would allow the cloud provider to perform data handling operations over data segments encrypted by users without having to decrypt them. Current research in this field focuses on various aspects of confidentiality and integrity with the constraint of compatibility with basic cloud storage and computation mechanisms.
As part of research on confidentiality, the main goal is to design new encryption techniques that allow the cloud operator to handle queries for data lookup and some basic computation over stored data in a privacy-preserving manner, in that both the data stored in the cloud and the content of the queries and responses are kept secret with respect to the cloud operator. Classical encryption algorithms do not meet the requirements since they do not allow for proper processing of encrypted data. Recent advances in the design of fully homomorphic encryption seem promising, but current implementations thereof still suffer from prohibitive complexity. Apart from confidentiality, cloud computing raises two different integrity problems: retrievability and reliability. Retrievability is the assurance that the users will be able to retrieve all the data stored in the cloud. Classical data integrity techniques do not meet the objective of retrievability in the cloud setting, whereby each user stores huge amounts of data in the cloud without keeping any local copy or any digest values for the purpose of integrity verification. Reliability raises a further requirement for the guarantee that the cloud storage provider properly implements reliability mechanisms that would assure the maintenance of stored data in the face of potential malicious and random attempts to tamper with or corrupt the data. Further to confidentiality and integrity, another challenging requirement raised by outsourcing is verifiability, which calls for the assurance that the cloud provider properly performs the operations requested by the user. Current research focuses on the design of efficient solutions for searchable encryption, proofs of retrievability, proofs of reliability and verifiability based on new cryptographic techniques.
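To make the retrievability requirement concrete, the following added example (not part of the original proposal and not a scheme from the research it describes) sketches a simplified MAC-based spot check in which the user keeps only a secret key and a block count, with no local copy and no per-file digest. The block size, the `Server` class and the sample data are assumptions made for illustration; the sketch omits erasure coding.

```python
import hmac, hashlib, secrets

BLOCK = 64  # bytes per block (constructed, kept small for the demo)

def tag(key, index, block):
    # Bind the tag to the block position so another block cannot be substituted.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()

def encode(key, data):
    """Client side, before upload: split into blocks and attach one MAC per block."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return [(b, tag(key, i, b)) for i, b in enumerate(blocks)]

class Server:
    """Hypothetical untrusted storage: holds blocks and tags, never the key."""
    def __init__(self, stored):
        self.stored = list(stored)

    def respond(self, indices):
        return [self.stored[i] for i in indices]

def audit(key, n_blocks, server, samples, rng=None):
    """Client keeps only `key` and `n_blocks`; challenge random positions and verify."""
    rng = rng or secrets.SystemRandom()
    indices = rng.sample(range(n_blocks), min(samples, n_blocks))
    for i, (block, t) in zip(indices, server.respond(indices)):
        if not hmac.compare_digest(t, tag(key, i, block)):
            return False
    return True

def demo():
    key = secrets.token_bytes(32)
    data = bytes(range(256)) * 16            # constructed 4096-byte sample file
    stored = encode(key, data)
    n = len(stored)                          # 64 blocks
    honest_ok = audit(key, n, Server(stored), samples=16)
    corrupted = list(stored)                 # server silently loses one block
    corrupted[5] = (b"\x00" * BLOCK, corrupted[5][1])
    corrupted_ok = audit(key, n, Server(corrupted), samples=n)
    swapped = list(stored)                   # server reorders blocks with their tags
    swapped[0], swapped[1] = swapped[1], swapped[0]
    swapped_ok = audit(key, n, Server(swapped), samples=n)
    return honest_ok, corrupted_ok, swapped_ok

if __name__ == "__main__":
    print(demo())
```

With fewer samples than blocks the check is probabilistic: if a fraction f of the blocks is damaged, an audit of c random blocks detects it with probability of about 1 - (1 - f)^c.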
Furthermore, a new question arises when the requirements of a real cloud storage system are taken into account: in a real cloud system all the security and privacy mechanisms have to be supported by the same platform and be able to interoperate. Currently most of the security and privacy mechanisms suggested by research are incompatible among themselves, and there is an urgent need for the integration of various integrity and confidentiality features within a realistic cloud environment.
Among the variety of research questions raised by cloud security and privacy, the Ph.D. research will focus on one or several of the following subjects:
- Further design of encryption mechanisms that are compatible with basic data handling operations
- Design of proof of reliability mechanisms
- Integration of confidentiality and integrity mechanisms within a cloud platform.
The work will consist of the design, implementation, and evaluation of the basic mechanisms and the integration of the solutions in a real-scale cloud computing system run at EURECOM as part of a collaborative research project supported by the H2020 program of the European Union.